Hello
You may need to set a route on your default gateway (192.168.1.254) to your
strongswan gateway (192.168.1.51) for the ipad-network (10.8.0.0/24) so
received packets can be routed to your ipda.
Cheers
Uli
--
Message:
Hi Chris,
If anyone could help me out in figuring out why:
A) the attr plugin doesn't seem to be working
I looked into that and it seems the attr plugin only supports IP
addresses and subnets as values (i.e. no strings or ints). The attr-sql
plugin [1] supports more types, so that might be
Tobias,
Thanks for the reply.
Regarding the attr plugin only supporting IP addresses, phew - I had looked
a few times at that code and compared it w/ the docs and thought I was just
missing something that would allow arbitrary values through. Good to know,
I'll try the attr_sql plugin in the
Hi Tobias,
I finally get my tunnel to work. To me the key was to make sure the SAN of the
server side cert has to be he host address of the vpn server, so the
configuration can match.
many thanks to you and others for the help.
-zhen
From: Tobias
Hello,
Does charon remove CRLs files cached from /etc/ipsec.d/crls directory when
started ?
Best Regards
Mugur
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi Chris,
which iOS version do you use on your device? Because I just tried how
the VPN client behaves on an iPhone 3GS with iOS 5.0.1. And well, I can
save the password even without sending UNITY_SAVE_PASSWD (I did not try
what happens if I do, actually).
Tobias,
This is with an iPhone 4S on iOS 5.0.1 - just in case this is an issue w/
my VPN config, I'm including my setup below:
config setup
charonstart=no
plutostart=yes
plutodebug=all
plutostderrlog=/var/log/pluto.log
nat_traversal=yes
conn iphone
modeconfig=pull
type=tunnel
The German BSI Grundschutzhandbuch requests that timeouts for the IKE phase 1
and 2 shall not be too large.
As an example 15 seconds for phase 1 and 10 seconds fore phase 2 are mentioned.
What is the reason for this ?
What are the configuration options in strongSwan for these timeout values ?
Hello Mugur,
charon does not remove any CRL files form /etc/ipsec.d/crls.
When the CLR becomes stale and a new CRL can be fetched then
the file will be overwritten.
Regards
Andreas
On 11/28/2011 05:00 PM, ABULIUS, MUGUR (MUGUR) wrote:
Hello,
Does charon remove CRLs files cached from
Hi Rainer,
15 seconds and 10 seconds are utterly masochistic! The daemon will
be occupied with rekeying all the time! Our defaults are 3 hours
for phase 1 and 1 hour for phase2 which is vary paranoid compared
with commercial products which rather opt for 24h / 8h.
Regards
Andreas
On 11/28/2011
Hi Chris,
With this config, w/ and w/o UNITY_SAVE_PASSWD, I get prompted for XAuth
credentials on each VPN connect. The VPN connection is added through a
.mobileconfig file, using VPN on demand on the iOS side.
Ah, I didn't know this feature and I never actually used Apple's
configuration
On 28.11.2011 19:08, Tobias Brunner wrote:
which iOS version do you use on your device? Because I just tried how
the VPN client behaves on an iPhone 3GS with iOS 5.0.1. And well, I can
save the password even without sending UNITY_SAVE_PASSWD (I did not try
what happens if I do, actually).
Tobias,
Awesome! That sounds like it will work, thanks so much for the great find!!
Chris Zelenak
On Monday, November 28, 2011, Tobias Brunner tob...@strongswan.org wrote:
Hi Chris,
With this config, w/ and w/o UNITY_SAVE_PASSWD, I get prompted for XAuth
credentials on each VPN connect.
Hi Chris!
Sorry for hijacking your thread - I recently setup strongSwan
(4.4.1-5.2) and connecting with my iPhone works fine, but only on the
first login. Further logins will fail and I have to restart strongSwan.
I wonder if I am the only person with this problem or if you experience
similar
Tobias,
Tested and that works great. Thanks again!
Chris Zelenak
On Mon, Nov 28, 2011 at 5:01 PM, Tobias Brunner tob...@strongswan.orgwrote:
Hi Chris,
With this config, w/ and w/o UNITY_SAVE_PASSWD, I get prompted for XAuth
credentials on each VPN connect. The VPN connection is added
Klaus,
I haven't experienced that problem myself - I'm using strongSwan 4.6.1
compiled with the following:
./configure --enable-mysql --enable-sql --enable-attr-sql
--enable-cisco-quirks --enable-medsrv --enable-mediation --enable-medcli
--enable-manager --enable-smp --with-group=vpn
Greetings,
Appreciate if someone can give me a hand to track down a hard to reproduce
freeze up problem.
When the problem occurs, support staffs can remote login and the system appears
normal in cpu load, disk usage and memory usage. Only charon appears dead. ps
aux shows charon is in 'S'
Hello Simon,
there is not much sense in tracking down a problem in strongSwan 4.3.2
which was released in June 2009, i.e. more than two years ago. In the
meantime many improvements to the longtime stability of the charon
daemon were made. Please update to strongSwan 4.6.1 and check if the
freeze
Hi Folks,
I'm running a Ubuntu Server 10.04.03 LTS with latest patches. I'm using
Strongswan from Ubuntu Lucid packages. Ipsec version shows following
output:Linux strongSwan U4.3.2/K2.6.32-35-server
I have 26 ipsec tunnels. Some connections setup's are equal and some
setups differ.
When I
19 matches
Mail list logo